Date: Wed, 26 Oct 2005 10:53:27 +0400 From: dawnshade <dawnshade@mail.ru> To: freebsd-stable@freebsd.org, anton@nikiforov.ru Cc: stable@freebsd.org Subject: Re: pf and short packets Message-ID: <200510261053.27853.dawnshade@mail.ru> In-Reply-To: <435E85AB.3070701@nikiforov.ru> References: <435E85AB.3070701@nikiforov.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 25 October 2005 23:21, Anton Nikiforov wrote: > =9Atcpdump -n -e -ttt -x -i pflog0 host 127.0.0.1 > 000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > > 127.0.0.1.643: . ack 30 win 65535 > =9A =9A =9A =9A =9A0x0000: =9A4600 002c 6605 4000 0306 11c5 7f00 0001 =9A= =46..,f.@......... > =9A =9A =9A =9A =9A0x0010: =9A7f00 0001 0100 0000 0202 0283 8129 5dab =9A= =2E............)]. > =9A =9A =9A =9A =9A0x0020: =9A5db7 f2f2 5010 ffff 7dce 0000 =9A =9A =9A = =9A =9A =9A]...P...}... > 000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > > 127.0.0.1.643: . ack 30 win 65535 > =9A =9A =9A =9A =9A0x0000: =9A4600 002c d21d 4000 0306 a5ac 7f00 0001 =9A= =46..,..@......... > =9A =9A =9A =9A =9A0x0010: =9A7f00 0001 0100 0000 0202 0283 8129 5dab =9A= =2E............)]. > =9A =9A =9A =9A =9A0x0020: =9A5db7 f2f2 5010 ffff 7dce 0000 =9A =9A =9A = =9A =9A =9A]...P...}... > > The rule for this packet is not a "log" one, but the sign (short) is > what i cannot understand. Read 'man 1 tcpdump' about key "-s". You command must be like "tcpdump -s 1000 -n -e -ttt -x -i pflog0 host=20 127.0.0.1" Change value 1000 to appropriate.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200510261053.27853.dawnshade>